FSD150: Validation tests of modes, power supply, and configuration
| Field | Value |
| --- | --- |
| Title | FSD150: Validation tests of modes, power supply, and configuration |
| Products | Safety Simplifier |
| Requirements | |
| Purpose | |
| Input | FSD120 |
| Output | Test specifications |
Description
This document describes the validation tests of modes, power supply, and configuration for the Safety Simplifier, as identified from FSD120.
Tests
| Test | Result |
| --- | --- |
| Configure a unit with at least one active output running in normal mode. Activate configuration mode via USB and verify that all active outputs turn off. | Configuration mode was activated via USB; all active outputs turned off as expected. |
| Connect the configuration tool to a unit without activating the configuration state. Attempt reconfiguration commands via USB and radio. Verify that the unit rejects the reconfiguration attempts and continues normal operation. | The unit replied NOK to the USB reconfiguration commands and did not respond to the radio commands. The unit continued normal operation as expected. |
| Configure a system with two nodes. Control the outputs on node 2 using a global memory from node 1. Remove the power supply to node 1 while monitoring the outputs on both units. Verify that all outputs go to the safe state (0 V) when power is lost. | When power to node 1 was removed, the outputs on node 1 fell instantly. The outputs on node 2 fell after the communication timeout (100 ms), as expected. |
| Configure the lower voltage limit to 7 V, 22 V, and 30 V in turn. Slowly lower the power supply voltage below each set limit. Verify that the unit enters the safe state (fatal error) and all outputs go to 0 V. | The unit correctly entered the safe state for all tested voltage limits (7 V, 22 V, 30 V). All outputs went to 0 V and the display indicated a fatal error, as expected. |
| Configure the upper voltage limit to 10 V, 26 V, and 33 V in turn. Slowly raise the power supply voltage above each set limit. Verify that the unit enters the safe state (fatal error) and all outputs go to 0 V. | The unit correctly entered the safe state for all tested voltage limits (10 V, 26 V, 33 V). All outputs went to 0 V as expected when the voltage exceeded the limit. |
| Configure two units with the same firmware version in the same system. Flash one unit with a different firmware version (CPU1 and CPU2). Verify that no communication occurs between units with different firmware versions. | When the firmware versions differed between the units, no communication occurred. The node with the different firmware showed no radio communication on its display. |
| Set up a system with 16 nodes communicating normally via radio and CAN. Change the serial number settings on node 1, then restore them and change the serial number settings on node 2. Verify that communication stops when the serial numbers do not match across the system. | When the serial numbers were changed on node 1, all system communication stopped. When the serial numbers were changed on node 2, that node lost its connection to the system. All outputs went to 0 V as expected. |
| Verify that the maximum reaction time from detecting a stop condition until the outputs turn off is selectable. The test covers the input signal reaction time, input filter, logic calculation interval, communication reaction time, and output reaction time parameters. | The maximum reaction time parameters are selectable and function as specified. All timing components are tested in the referenced test documents. |
| Create a valid configuration and modify one byte of its data. Attempt to download the corrupted configuration to the unit. Verify that the unit rejects the configuration because its CRC is invalid. | The unit correctly rejected the reconfiguration attempt with invalid CRC data. Configuration integrity protection functions as expected. |
| Set up a system with 16 nodes communicating normally. Trigger a fatal error on node 1 using the fatal error trigger function block. Repeat the test with a different node and verify that all system outputs turn off. | When node 1 entered the fatal error state, all system outputs turned off. When node 16 entered the fatal error state, all system outputs turned off. Fatal error propagation functions correctly across the entire system. |
| Connect the PC configuration tool to a unit during normal operation. Verify that the unit continues operating normally without entering the safe state. Confirm that the connection alone does not affect operation. | The unit continued normal operation while the configuration tool was connected. The tool connection alone caused no disruption to normal function. |
| Set up a system with 16 nodes operating normally. Change the configuration in node 1, then restore it and change the configuration in another node. Verify that no communication occurs when the configurations do not match. | When the configuration of node 1 was changed, no unit had a connection to node 1. When the configuration of node 9 was changed, that node lost its connection to the system. The configuration matching requirement functions correctly. |
| Configure a single unit with any logic. Heat the unit with a heat gun. Verify with MemmapRead that the unit enters the safe state when the temperature reaches 85 degrees. | When the temperature reached 85 degrees, the unit entered the safe state. |
| Set up a unit with the password 123. Attempt to change the configuration without entering the password. Verify that the unit rejects the configuration change and continues normal operation. | The unit correctly rejected the configuration change without the correct password, via both USB and radio. |
| Configure a unit via USB, radio, and CAN. Verify that the unit accepts the configuration via all interfaces. | The unit accepted the configuration via USB, radio, and CAN as expected. |
| Create a project and enter some ID numbers of units to be programmed. Verify that the GUI prompts the user to verify the entered ID numbers. | A dialog box is shown when ID numbers are entered or changed, prompting the user to verify the entered ID numbers. |
| Activate the special LED link in a unit via radio. Verify that the LED display is illuminated in a special way that is easily distinguishable from normal operation and configuration mode. | Via radio: the LED display was illuminated and the GUI showed which node it was. |
| Download a configuration to a unit and verify that the GUI indicates that the download was successful. Download again and power down the unit before the download completes. Verify that the GUI indicates a failure and that the unit does not accept the configuration. | The GUI indicated success for the first download and failure for the second. The unit did not accept the configuration after the failed download. |
| Verify that there is no direct user interface for unit setup or replacement. All configuration must be done via the GUI or the memory card. | The unit has no direct user interface for setup or replacement. All components are enclosed in the sealed housing and can only be accessed either by unscrewing the top and connecting via USB, then reconfiguring via the GUI (configuration in this case is protected by a password), or via radio, where the configuration is likewise protected by the password. |
| Verify that the memory card can be replaced without affecting the unit's operation; the unit should continue to operate normally after the memory card is replaced. (Memory card replacement is not implemented yet.) | Memory card replacement is not implemented yet, so this test is not applicable at this time. |
| Configure a system of two units with a communication timeout of 10 ms, 100 ms, and 10000 ms in turn. Power down one unit and verify that the other unit detects the communication loss after the respective timeout period. | 10 ms: the unit detected the communication loss after 10 ms. 100 ms: the unit detected the communication loss after 100 ms. 10000 ms: the unit detected the communication loss after 10000 ms. In all cases the units behaved as expected and the outputs turned off after the respective timeout period. |
| Configure the voltage thresholds for undervoltage and overvoltage to 7 V, 22 V, and 30 V. Verify that the unit enters the safe state when the voltage goes below or above these thresholds. | The unit entered the safe state when the voltage went below 7 V, above 22 V, and above 30 V. |
| Configure a system of two units, where one sends a global memory with "start-up" = true. Power down the unit that sends the global memory and power it up again. Verify that the reference in the receiver does not turn on until the sender sends an active 0 and then a 1. | At power down, the reference to the GM turned off. At power up, the reference to the GM did not turn on until the sender had sent an active 0 and then a 1. |
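The two download tests above (one byte modified, and the download interrupted by powering the unit down) both rest on the unit refusing any configuration image whose integrity check fails. The following Python model is an added example written for this page; it is not Safety Simplifier firmware or tool code, and the image layout (a 2-byte length, the payload, a trailing CRC-32) and the CRC variant are assumptions, since the page does not document the real format. It runs the "modify one byte" test exhaustively over every byte and every non-zero change, and models the interrupted download as a truncated image.

```python
"""Added example, not Safety Simplifier code: a model of a CRC-protected
configuration image, mirroring the 'modify one byte, expect rejection' test
and the 'download interrupted, expect rejection' test.  The image layout
(2-byte length, payload, trailing CRC-32) and the CRC variant are
assumptions; the product's real format is not documented on this page."""
import struct
import zlib

HEADER_LEN = 2   # little-endian payload length (assumed layout)
CRC_LEN = 4      # trailing CRC-32 (assumed variant: zlib/IEEE CRC-32)

# Constructed sample "configuration": 32 bytes of made-up logic/parameter data.
SAMPLE_PAYLOAD = bytes(range(0x40, 0x60))


def build_config(payload: bytes) -> bytes:
    """Tool side: frame the payload and append a CRC-32 over header + payload."""
    body = struct.pack("<H", len(payload)) + payload
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def accept_config(image: bytes) -> bool:
    """Unit side: accept only a complete image whose CRC matches.
    Any mismatch (corrupted byte, truncated download) is rejected."""
    if len(image) < HEADER_LEN + CRC_LEN:
        return False                                  # too short to even carry a CRC
    (declared_len,) = struct.unpack("<H", image[:HEADER_LEN])
    if len(image) != HEADER_LEN + declared_len + CRC_LEN:
        return False                                  # incomplete or oversized download
    body, tail = image[:-CRC_LEN], image[-CRC_LEN:]
    (stored_crc,) = struct.unpack("<I", tail)
    return (zlib.crc32(body) & 0xFFFFFFFF) == stored_crc


def corrupt_byte(image: bytes, index: int, mask: int = 0x01) -> bytes:
    """The test's 'modify one byte': XOR one byte of the image with a non-zero mask."""
    buf = bytearray(image)
    buf[index] ^= mask
    return bytes(buf)


def all_single_byte_corruptions_rejected(image: bytes) -> bool:
    """Exhaustive version of the test: every byte position, every non-zero mask.
    A degree-32 CRC detects every burst error of 32 bits or less, so a single
    changed byte is always caught, whether it sits in the header, the payload
    or the CRC field itself."""
    return all(
        not accept_config(corrupt_byte(image, i, mask))
        for i in range(len(image))
        for mask in range(1, 256)
    )


def interrupted_download(image: bytes, bytes_received: int) -> bytes:
    """Model of powering the unit down mid-download: only a prefix arrives."""
    return image[:bytes_received]


if __name__ == "__main__":
    image = build_config(SAMPLE_PAYLOAD)
    print("intact image accepted:", accept_config(image))
    print("one byte corrupted, rejected:", not accept_config(corrupt_byte(image, 7)))
    print("all single-byte corruptions rejected:", all_single_byte_corruptions_rejected(image))
    print("interrupted download rejected:", not accept_config(interrupted_download(image, 20)))
    # Caveat: a CRC is not an authenticator. Anyone who can write the image can
    # recompute the CRC, so a complete, self-consistent image is always accepted.
    print("recomputed CRC on altered payload accepted:", accept_config(build_config(b"altered")))
```

The last line of the example is the caveat a reviewer should keep in mind when reading the "configuration integrity protection" result: a CRC catches corruption and incomplete transfers, not deliberate modification by someone who can recompute it. In the tests on this page, the password check and the requirement to be in configuration state are what decide whether a reconfiguration is allowed at all; the CRC only decides whether a permitted download arrived intact.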
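Three of the tests above describe how a receiving node treats a global memory (GM) reference from a peer: the two-node power-loss test (outputs on node 2 fall after the 100 ms timeout), the 10/100/10000 ms communication-timeout test, and the "start-up" = true test (the reference must not turn on after the sender is power-cycled until an active 0 and then a 1 have been received). The following Python model is an added example written for this page, not Safety Simplifier firmware; the frame period, the millisecond sampling and the exact timeout comparison (link lost once no frame has arrived for timeout_ms) are assumptions about the product.

```python
"""Added example, not Safety Simplifier code: a model of how a receiving node
treats a global memory (GM) reference from a peer node, covering the
communication-timeout tests (two-node power loss; 10/100/10000 ms timeouts)
and the "start-up" = true test.  The frame period, the sampling and the exact
timeout comparison are assumptions about the product."""
from typing import List, Optional


class GlobalMemoryReference:
    """One node's view of a GM bit published by another node."""

    def __init__(self, timeout_ms: int, startup: bool = False) -> None:
        self.timeout_ms = timeout_ms
        self.startup = startup          # "start-up" = true: need 0 then 1 after (re)connection
        self._last_rx: Optional[int] = None
        self._seen_low = False          # a 0 has been received since the link came up
        self._ref = False               # the reference value used by the local logic

    def link_up(self, now_ms: int) -> bool:
        """Link is alive while a frame has arrived within the last timeout_ms."""
        return self._last_rx is not None and now_ms - self._last_rx < self.timeout_ms

    def receive(self, now_ms: int, value: bool) -> None:
        """A GM frame from the sender arrives at time now_ms."""
        if not self.link_up(now_ms):
            # (Re)connection after power-up or timeout: start from the safe state.
            self._ref = False
            self._seen_low = False
        self._last_rx = now_ms
        if not self.startup:
            self._ref = value           # plain GM: follow the sender
        elif not value:
            self._seen_low = True       # the required "active 0"
            self._ref = False
        elif self._seen_low:
            self._ref = True            # 1 after a 0: the reference turns on
        # else: a 1 straight after (re)connection is ignored

    def reference(self, now_ms: int) -> bool:
        """What the local logic sees: False (safe state) once the link has timed out."""
        return self._ref if self.link_up(now_ms) else False


def loss_detection_delay(timeout_ms: int, period_ms: int = 5, power_off_ms: int = 500) -> int:
    """Two-node test: node 1 sends its GM every period_ms until it loses power at
    power_off_ms.  Returns how long after power-off node 2's reference fell."""
    ref = GlobalMemoryReference(timeout_ms)
    for t in range(0, power_off_ms + 1, period_ms):   # last frame exactly at power-off
        ref.receive(t, True)
    for now in range(power_off_ms, power_off_ms + timeout_ms + period_ms):
        if not ref.reference(now):
            return now - power_off_ms
    raise AssertionError("communication loss never detected")


def startup_scenario(timeout_ms: int = 100) -> List[bool]:
    """The "start-up" = true test: the sender is power-cycled and, on power-up,
    immediately publishes 1.  The reference must stay off until a 0 then a 1."""
    ref = GlobalMemoryReference(timeout_ms, startup=True)
    trace = []
    ref.receive(0, False)
    ref.receive(5, True)
    trace.append(ref.reference(6))                    # on: 0 then 1 seen
    trace.append(ref.reference(10 + timeout_ms))      # sender powered down: off after timeout
    ref.receive(300, True)                            # sender back, GM already 1
    trace.append(ref.reference(301))                  # still off: no 0 since reconnection
    ref.receive(310, False)                           # the active 0 ...
    ref.receive(315, True)                            # ... then 1
    trace.append(ref.reference(316))                  # on again
    return trace


if __name__ == "__main__":
    for t_out in (10, 100, 10000):
        print(f"timeout {t_out} ms: loss detected {loss_detection_delay(t_out)} ms after power-off")
    print("start-up trace:", startup_scenario())
```

The point of the `startup` branch is the restart-inhibit behaviour the last test checks: after the sender is power-cycled its GM bit may already be 1, and a receiver that simply followed the bit would restart the controlled outputs unattended. Requiring an explicit 0 followed by a 1 after every (re)connection makes a restart a deliberate action by the sender rather than a side effect of power returning.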